PGPSnippet Ransomware

Posted: May 22, 2018

PGPSnippet Ransomware Description

The PGPSnippet Ransomware is a file-locker Trojan that scans your PC for all files that aren't essential to the operating system and locks them with encryption. The threat also appends the '.decodeme666@tutanota_com' extension to the data that it holds hostage and creates a text message that demands a ransom for an unlocking service. Have your anti-malware products block or delete the PGPSnippet Ransomware, and use backups or free decryption solutions for restoring any files.

Trojans Taking More than a Snippet of Your Files

A new Windows threat, which many cybersecurity products are incorrectly flagging as a variant of the Zusy banking Trojan, is in the startup phase of a campaign that holds its victims' files for a Bitcoin ransom. The PGPSnippet Ransomware, although similar to well-known Trojans with encryption-based payloads like the Globe Ransomware or Hidden Tear, is not an evident relative of any past project or campaign. However, malware experts are rating it as capable of causing high quantities of file damage, on par with that of the file-deleting Jigsaw Ransomware.

The PGPSnippet Ransomware doesn't delete the data that it encrypts, but it does forgo the format-based whitelist that file-locking Trojans traditionally use. The threat enumerates each hard drive in turn and locks all non-OS files, regardless of whether they're documents, images, gaming components, software executables or any other data type. Malware experts note, however, that its author doesn't intend for the PGPSnippet Ransomware to 'wipe' the PC or damage the OS, since doing so would prevent its ransoming message from being readable.

This file-locking Trojan delivers its demands through a Notepad text file that contains a 500 USD payment request, payable in Bitcoins, which sidesteps the legal protections of a conventional, government-backed currency. The user is given three days to comply before the threat actor raises the price, and the e-mail address for negotiations is added to both the text message and the names of the 'captive' files.

Snipping Bad-Faith Negotiators out of Your File System

Most file-locking Trojans use a filtering method that targets only a small subset of the media you save on your PC. Unlike most of them, the PGPSnippet Ransomware doesn't discriminate between prominent data types, such as Word documents; recreational ones, such as gaming saves; or software-critical ones, such as EXE executables. Malware experts also found an overall absence of filtering based on directories, although they have yet to see the PGPSnippet Ransomware damage the operating system of any infected system.

The PGPSnippet Ransomware campaign has yet to reveal enough about its infection strategies for any substantial analysis. In previous attacks by threats with similar features, malware experts could confirm the abuse of in-browser scripts, document-based macros, spam e-mails, and the brute-forcing of non-secure passwords on remotely-accessible servers. A minority of file-locking Trojans also circulate through file-sharing networks and free software sites. Most anti-malware applications should eliminate the PGPSnippet Ransomware in all cases where the attempted installation doesn't involve the manual intervention of a threat actor.

Fortunately, in the versions available to our malware experts, the PGPSnippet Ransomware uses a non-secure encryption method. Contact researchers in the anti-malware community with cryptography experience for any assistance you need in recovering your files with a decryptor, without rewarding a criminal for it.
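Because the Trojan marks every file it locks with the '.decodeme666@tutanota_com' extension and applies no format whitelist, a responder can use that marker to scope the damage before restoring from backup. The following is an added example, not code from the original article: it inventories marked files, recovers their original names, and lists which ones have no copy in a backup tree. It assumes the marker is appended to the full original file name; the sample file names and the `backup_root` layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".decodeme666@tutanota_com"  # extension reported in this article

def original_name(name):
    """Return the pre-encryption name, or None if the file is not marked.
    Assumption: the marker is appended to the full original name."""
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None

def inventory(root):
    """Walk root and return sorted (encrypted_path, original_path) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits.append((Path(dirpath) / name, Path(dirpath) / orig))
    return sorted(hits)

def summarize(hits):
    """Count locked files by original extension (shows the missing whitelist)."""
    return Counter(orig.suffix.lower() or "(none)" for _enc, orig in hits)

def missing_from_backup(hits, root, backup_root):
    """Return original relative paths that have no copy under backup_root."""
    rels = [orig.relative_to(root) for _enc, orig in hits]
    return [rel for rel in rels if not (Path(backup_root) / rel).is_file()]

def build_sample(root, names):
    """Create empty files for the constructed sample trees below."""
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

# Constructed sample data: three locked files, one untouched, two backed up.
LOCKED = ["Documents/report.docx" + MARKER, "Games/save01.sav" + MARKER.upper(),
          "Tools/putty.exe" + MARKER, "Documents/notes.txt"]
BACKED_UP = ["Documents/report.docx", "Tools/putty.exe"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as bak:
        build_sample(live, LOCKED)
        build_sample(bak, BACKED_UP)
        hits = inventory(live)
        print(dict(summarize(hits)))
        print("no backup copy:", missing_from_backup(hits, live, bak))
```

Run it against a mounted copy of the affected volume rather than the live system, so the inventory doesn't alter timestamps that a later investigation may need.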
